On May 12, 2021, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity following a series of highly publicized cybersecurity incidents during the first four months of his presidency, including the Colonial Pipeline attack, which revealed vulnerabilities within the nation’s infrastructure and information systems. While this is not the first executive order issued to enhance the nation’s cyber defenses, it is the executive order most likely to have an impact and result in a change in light of the White House’s statement that “[r]ecent cybersecurity incidents . . . are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals . . . [as well as] insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
This should serve as a wake-up call to everyone to review their security protocols and test their systems to ensure they are appropriately secured. This Executive Order establishes standards and requirements for information systems used or operated by federal agencies, their contractors, and other organizations working on behalf of a federal agency, including upgrading cyber defenses; enhancements to logging critical information related to an incident; establishing a straightforward, consistent, and universal methodology for responding to incidents; and establishing and requiring affected entities to share information safely and securely following an incident. The Executive Order aims to strengthen the United States’ cybersecurity defenses by:
While this Executive Order does not introduce anything new that has not been discussed or known for years, implementing the steps outlined in the Executive Order will be critical in light of the recent increase in cybersecurity attacks. While additional regulations will still need to be drafted, the Executive Order establishes a baseline of cybersecurity best practices that all companies should consider.